Information security - All measures taken to prevent unauthorized use of electronic data
- unauthorized use includes disclosure, alteration, substitution, or destruction of the data concerned
- Provision of the following three services
- Confidentiality
- Integrity
- assurance that data is genuine
- Availability
- system still functions efficiently after security provisions are in place
- No single measure can ensure complete security
Why is information security important? - Governments, commercial businesses, and individuals are all storing information electronically
- compact, instantaneous transfer, easy access
- Ability to use information more efficiently has resulted in a rapid increase in the value of information
- Information stored electronically faces new and potentially more damaging security threats
- can potentially be stolen from a remote location
- much easier to intercept and alter electronic communication than its paper-based predecessors
- Confidentiality: concealment from unauthorized parties
- identification – unique identifiers for all users
- authentication
- authorization - allowing users who have been identified and authenticated to use certain resources
- Integrity: assurance the data is has not been modified by unauthorized parties
- non-repudiation
- proof of integrity and origin of data which can be verified by any third party at any time
- Confidentiality + integrity system security
- However, it is not enough for system to be secure
- System must also be available
- must allow guaranteed, efficient and continuous use of information
- security measures should not prohibitively slow down or crash system or make it difficult to use
- what good is a secure system if you can’t use it?
- Cryptographic systems
- high level of security and flexibility
- can potentially provide all objectives of information security: confidentiality, integrity, and availability
Do'stlaringiz bilan baham: |
